Wireshark-bugs: [Wireshark-bugs] [Bug 7365] New: Add support for Gigamon timestamp trailer (diff
Date: Wed, 13 Jun 2012 02:21:46 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7365

           Summary: Add support for Gigamon timestamp trailer (different
                    from existing Gigamon header format)
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: sdahiya@xxxxxxxxx


Created attachment 8600
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8600
Sample capture with Gigamon timestamp trailer

Build Information:
wireshark 1.9.0 (SVN Rev 43228 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.1, with libpcap, with libz 1.2.3.4, without POSIX capabilities,
without SMI, without c-ares, without ADNS, without Lua, without Python, without
GnuTLS, without Gcrypt, without Kerberos, without GeoIP, without PortAudio,
with
AirPcap.

Running on Linux 3.2.0-24-generic-pae, with locale en_US.UTF-8, with libpcap
version 1.1.1, with libz 1.2.3.4, without AirPcap.

Built using gcc 4.6.3.
--
The "gmhdr" dissector has support for the generic format Gigamon
header/trailer.
There is a new format of timestamp trailer added by new Gigamon devices.

The new format timestamp trailer adds 14 bytes of trailer to packets. The FCS
for the packet is updated after adding the Gigamon timestamp trailer. The
format of Gigamon timestamp trailer is static and includes:
* 4 bytes of original FCS for the packet
* 2 bytes (hex) of source port id, to identify the box-id + port-id that the
packet was received on
* 8 bytes of timestamp

To identify if the packet contains the Gigamon timestamp trailer, the checksum
can be computed on 14 bytes of trailer with the seed value as the 4-byte original
FCS of the packet. If the computed CRC matches the FCS of the received packet,
the packet can be assumed to have the Gigamon timestamp trailer.

A reference implementation is attached as a patch to the existing dissector for
"gmhdr" file.
Screenshots for packet captures before and after patch are also attached.
A reference file with sample packet captures is also attached.

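The detection heuristic described in the report, as an added Python example (not the patch attached to the bug and not Wireshark code). It assumes the Ethernet CRC-32 as implemented by `zlib.crc32` with the seed passed as the running value, little-endian FCS fields, and a big-endian port id; the function names and the sample frame are constructed for illustration.

```python
import struct
import zlib
from typing import NamedTuple, Optional

TRAILER_LEN = 14  # 4 (original FCS) + 2 (source port id) + 8 (timestamp), per the report
FCS_LEN = 4       # recomputed FCS that follows the trailer


class GigamonTrailer(NamedTuple):
    original_fcs: int
    source_port_id: int
    timestamp: bytes  # 8 raw bytes; the report does not describe their layout


def seeded_crc(trailer: bytes, seed: int) -> int:
    # ASSUMPTION: Ethernet CRC-32 (zlib), with the seed used as the running value.
    return zlib.crc32(trailer, seed) & 0xFFFFFFFF


def parse_gigamon_trailer(frame: bytes) -> Optional[GigamonTrailer]:
    """Return the decoded trailer, or None when the CRC heuristic does not match."""
    if len(frame) < TRAILER_LEN + FCS_LEN:
        return None  # too short to hold trailer + FCS; never index out of range
    trailer = frame[-(TRAILER_LEN + FCS_LEN):-FCS_LEN]
    # ASSUMPTION: both FCS values are little-endian on the wire.
    (received_fcs,) = struct.unpack("<I", frame[-FCS_LEN:])
    (original_fcs,) = struct.unpack("<I", trailer[:4])
    if seeded_crc(trailer, original_fcs) != received_fcs:
        return None  # ordinary frame, or a corrupted trailer
    (port_id,) = struct.unpack(">H", trailer[4:6])  # ASSUMPTION: big-endian
    return GigamonTrailer(original_fcs, port_id, trailer[6:14])


def build_sample_frame(port_id: int, timestamp: bytes) -> bytes:
    """Constructed frame following the same assumptions (not a real capture)."""
    payload = bytes(range(60))
    original_fcs = zlib.crc32(payload) & 0xFFFFFFFF
    trailer = struct.pack("<I", original_fcs) + struct.pack(">H", port_id) + timestamp
    return payload + trailer + struct.pack("<I", seeded_crc(trailer, original_fcs))


if __name__ == "__main__":
    frame = build_sample_frame(0x0105, bytes.fromhex("4fd85b2a00000000"))
    print(parse_gigamon_trailer(frame))
    # Flip one bit inside the timestamp: the CRC no longer matches.
    tampered = frame[:-6] + bytes([frame[-6] ^ 0x01]) + frame[-5:]
    print(parse_gigamon_trailer(tampered))
```

Because the check is a heuristic over untrusted capture data, the length guard runs before any slicing and a CRC mismatch is treated as "no trailer" rather than as an error.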